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Digital Transformation in 2019 


Accelerate DevOps with Qualys Security Platform 
* Recent cloud, container security product updates 


The road ahead 


Qualys value proposition for cloud € container security 
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The Changing Role of Security 


Security selects, SER DevOps — 
builds the operationalizes, 
uses the 


security tooling security tooling 
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Example Customer Scenario 
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Customer Data 
(Plis, Credit Cards etc) 


Field Force 
(Employees) 


A 
IN 
^ M 
- i 
بر‎ R e 
- ae >~ ~ 
^ e 
7 N 
4 \ 
GKE Kubernetes GKE Kubernetes 
Cluster Cluster 
A A 
ZN ZN 
€ - ~ 
= ~ - - 
Ber ۱ == Lae | —— 
Y N Y N 
V y y y v y 
Pod Micro Pod Micro Pod Micro Pod Micro Pod Micro Pod Micro 
Service 1 Service 2 Service 5 Service 3 Service 4 Service 6 


Customer Social Stock Trading App 


Security Challenges in the Cloud 


Lack of visibility or control on cloud resources 
* Instances, containers, serverless 


Misconfiguration of cloud services 
Multi cloud environment magnifies security challenges 


Lack of a unified toolset for implementing security controls for on-prem 
& cloud workloads 
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Securing Your Cloud Deployments 


laaS PaaS SaaS 


EC2 Instance, Azure RDS, Azure SOL Google Suite, Office 365 
VM, GCP Instance Database, Elastic Bean 
Stalk, Containers 


Cloud Infrastructure 


S3 Bucket, Security Group, Network Security Group, 
Storage Blobs, Load Balancers, Firewall Rules 
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Cloud Security 


Securing Cloud Workloads 
Hardening and Standardizing 


VULNERABILITY 
MANAGEMENT 


* Vulnerability 
Management 


(Internal & Perimeter) 
* Threat Protection 
e Indicators of Compromise 
e Patch Management 


POLICY 
COMPLIANCE 


* Policy Compliance (incl. 
Secure Configuration 
Assessment) 


e File Integrity Monitoring 


APPLICATION 
SECURITY 


* Web Application Scanning 
(WebApps and REST APIs) 

* Web Application Firewall 

* API Security” 
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Vulnerability Analysis in CI/CD 


Blocking vulnerable applications/images (gjejng production 
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Rich Visibility 
with CloudView 


VISIDINIE Y into your cloud 
resources 


Identify public 
facing/perimeter 
resources 


Resource usage by 
regions/accounts. 


View associations to 
identify the blast radius 


AWS RESOURCE DISTRIBUTION BY TYPE AZURE RESOURCE DISTRIBUTION BY TYPE GCP RESOURCE DISTRIBUTION BY TYPE 
Network ACL, „ Route Table 
\ irewallRules X un. Networks 
ev. p^. 
ee LG Instance 
EBS Volume N N 83 Buck N 
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AWS LAMBDA DISTRIBUTION BY RUNTIME 


RESOURCE DISTRIBUTION BY GOOGLE PROJECTS 
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Compliance 
Assessment 


Identify misconfigured 
resources 


Detect resources that are 
non-compliant against 
standards suchas CIS 
Benchmark 


Identify top failed 
controls account tor 
prioritizing the 
remediation efforts 
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CloudView 


Cloud Infrastructure Security Posture v 


Last24Hrs v 


AWS FAILURES BY CONTROL CRITICALITY 


Total Failures 


1195 
۰ 5427 
@ MEDIUM 22 


153 


AWS CIS COVERAGE 


31 % 


AZURE TOP 5 FAILED CONTROLS 


Ensure that all attached VM "Data disks” are encryp. 


Criticality EEN 

Ensure that all the Data disks are encrypted 
Criticality 

Ensure Network Security Group Flow Log retention i 


Ensure default network access rule for Storage Acc. 


Criticality 


DASHBOARD RESOURCES MONITOR POLICY REPORTS CONFIGURATION 
سس‎ 


AZURE FAILURES BY CONTROL CRITICALITY 


Total Failures Total Failures 


520 624 


AWS CCM COMPLIANCE AWS TOP 5 FAILED CONTROLS 


Ensure IAM policies are attached only to groups or 


Ensure access key] is rotated every 90 days or less 


41% 


Ensure access keys unused for 90 days or greater a 


Ensure no security groups allow ingress from 0.0.0. 


GCP TOP 5 FAILED CONTROLS 


68 = Ensure VPC Flow logs is enabled for every subnet i 


68 Ensure Private Google Access is enabled for all sub. 
Criticality [GAY 


61 Ensure VM disks for critical VMs are encrypted with. 
58 Ensure that there are only GCP-managed service ac. 
Criicality RR 
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153K 


153K 


146K 


103 


127 


120 


55 


49 


b 


fS. 


Correlate with Vulnerability Data 


Identify vulnerable 
instances with public 
IP and associated with 
the misconfigured 
security groups 


Use vulnerability 
information for cloud 
instances to prioritize 
threats better 
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CloudView 


Amazon Web Services v 


28 


Total Instances 


REGIONS 

N. Virginia 16 
London 

Mumbai 5 


DASHBOARD 


List View 


RESOURCES 


MONITOR 


POLICY REPORTS 


CONFIGURATION 


vulnerability. threatIntel.easyExploit:true and securitygroup.inboundRule.ipv4Range:0.0.0.0 
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Last24Hrs v 


0 


Without Agents 


+] Resource Summary 


i-09877e1ab68f05330 
demo-aws-ue1-windows-2016-public-B 


i-03c8e8468ca299184 
demo-aws-ew2-windows-2016-public-C 


i-0e8258f50a903cc4f 
demo-aws-ew2-ubuntu-16-public-C 


i-0de3c0e9cc738bcf0 
demo-aws-ue1-ubuntu-16-public-B-2 


i-08ad24b40b2eaf29a 


demo-aws-ew2-windows-2019-public-C 


i-Oab2ff3ca465eef42 
demo-aws-ue1-centos-7-private-B 


i-06f41ddd375f62144 


demo-aws-mumbai-windows-2016-publi 


i-Oafd7b51095e0db68 
demo-aws-ue1-windows-2008-public-B 


636123215182 


636123215182 
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With Public IP 
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Docker Hosts 


Running 


Running 


Running 


Running 


Running 


Running 


Running 


Running 


1-28 of 28 


October 13, 2019 4:46 
AM 


October 12, 2019 8:44 
PM 


October 12, 2019 8:44 
PM 


September 19, 2019 
1:02 AM 


August 27, 2019 7:48 
PM 


August 27, 2019 7:48 
PM 


August 26, 2019 7:41 
AM 


August 24, 2019 7:31 


PM 
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Serverless 
Visibility 


Serverless Visibility 


- Inventory support 
for AWS Lambda 
functions 


Best practices 
policy for 
identifying 
mMeconticUrations 
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CloudView + 


Amazon Web Services v 
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Total Lambda Functions 


REGIONS 
N. Virginia 
Ohio 
Mumbai 


Ireland 
Oregon 


RUNTIME 
nodejs4.3 
python3.7 
java8 
nodejs8.10 
python2.7 
¥ 3 more 


TRACING 


PassThrough 
Active 


LAYERS 


MyLayer1 
AWSLambda-Pyt... 
Layer2 
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List View 


DASHBOARD 


RESOURCES 


MONITOR 


POLICY 


REPORTS CONFIGURATION 


pe 
o 
K 


X resource.type: "Lambda Function" Last24Hrs v 
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CloudView + DASHBOARD RESOURCES MONITOR POLICY REPORTS CONFIGURATION 


Amazon Web Services v 


+] Resource Summary 


FUNCTION NAME 


11 


Total Controls Evaluated 


AB-My-Vulnerable-Lambda-Funct 


AB-TestFuncForVuln-1 Sl HM 
FAIL 10 
PASS 1 
lambda. pass. vpc. nkumar ACCOUNT 
qualys-sa(45772. 11 
qualys-dev(2057... 11 
RDS_Instance_Stop 
CONTROL CRITICALITY 
A HIGH 8 
Krishna MEDIUM 2 
LOW U 
HelloWorld2 


serverlessrepo-serverless-goat-F 


OpenCaseFunction 


NEW 


X. policy.name:"AWS Lambda Best Practices Policy" 


Last24Hrs v 


EVALUATIONS SECURITY POSTURE FAILURES BY CRITICALITY 
Total Evaluations Pass Fail High Medium | Low 
1-11 of 11 / 
li CONTROL NAME Ri VIC الاب‎ STUR 
97 Ensure that Lambda function has tracing enabled EEN Lambda Function 15 133 ES 
Policy: AWS Lambda Best Practices Policy Total Resources: 148. 
98 Ensure that Lambda Function is not using An IAM role for more than one La. Lambda Function 91 57 
Policy : AWS Lambda Best Practices Policy rrer 
99 Ensure that Multiple Triggers are not configured in Lambda Function Lambda Function 
Policy : AWS Lambda Best Practices Policy 
100 Ensure that Lambda Runtime Version is latest and not custom mn Lambda Function 26 122 
Policy : AWS Lambda Best Practices Policy apy 
101 Ensure that Lambda function does not have Admin Privileges EER Lambda Function 142 6 
Policy: AWS Lambda Best Practices Policy erù 
102 Ensure that Lambda function does not have Cross Account Access EEN Lambda Function 148 
Policy: AWS Lambda Best Practices Policy acf 
103 Ensure that Lambda Environment Variables at-rest are encrypted with CMK WEN Lambda Function 111 37 
Policy: AWS Lambda Best Practices Policy SABRAS 
104 Ensure that Lambda Environment Variables are encrypted using AWS encry... Lambda Function 112 36 
Policy: AWS Lambda Best Practices Policy errer 
105 Ensure that Lambda function does not allows anonymous invocation EEN Lambda Function 
Policy : AWS Lambda Best Practices Policy 
106 Ensure that VPC access for Lambda Function is not set to default(Null) EER Lambda Function 9 126 
Policy : AWS Lambda Best Practices Policy سس‎ 
107 Ensure that AWS Lambda excess Permissions are removed EEN Lambda Function 11 137 = 
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NEW 


Built-in Security with Cloud Providers 


> Send findings into Azure, AWS, 


Home > Securty Center- Recommendations > Vulnerabilities in Azure Container Registry images should be remediated (powered by Qualys) (Preview) 


GCP Security Hubs — poe = y 
> Access & investigate findings from === = جح‎ 
within the Cloud Provider Security | = 


256658 


256697 CentOS se 


console 


Azure Host, Container Scanning (Powered by Qualys) 


> Native integration of vulnerability 
assessment of hosts, containers 
(MSFT Azure - Powered by Qualys) 
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Comprehensive Coverage Across 
Public Clouds 


aws A^ e 
~ 7 Google Cloud 
Amazon Web Services Microsoft Azure Google Cloud Platform 


e Inventory 

e Best practices like CIS benchmarks 

* Cloud provider best practices policy benchmarks 
* Mandates like PCI, CCM ISS 

* Control customization 
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Container Security 


Security across the Container Lifecycle 


PRE-DEPLOYMENT PHASE POST-DEPLOYMENT PHASE 


& Jenkins fiz. Es m a^ 9 
“óBamboo ۶ (mm docker ۳ o A C A 


BUILD ) SHIP ) RUN ) HOST 


لپا ]| | 


E Cloud Agent 
© Container Sensor © _ 1 CRS and Container and/or : 
„ Sensor Scanner Appliances 
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CRS - Container Runtime 


Scanning Containers in CI/CD 


AUTOMATED 
۵ © E rees 
. o DOCKER 
(gal > O > [e Jenkins > O > REPOSITORIES 
— M 5 
PERS ^ TY 


1. DevOps friendly container scanning using a plug-in 
2. Actionable, detailed, high-accuracy vulnerability info for DevOps 
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Actionable Vulnerability Information for DevOps 


Jenkins pipeline-project 478 Qualys Report For e8d112117588 


9 Qualys BUILD REPORT - e8d112ff7588 


Build Summary 


Build Status: Failed Image ۱0: 8 
Vulnerabilities 
Tags: Size: 828 MB 


Installed Software 
Layers Build Summary 


The vulnerabilities count by severity for image id e8d112ff7588 exceeded one of the configured threshold value 
Configured : Severity 1 > 0; Severity 2 > 0; Severity 3 > 0: Severity 4 > 0; Severity 5 > 0 
Found : Severity 1: 0, Severity 2: 1, Severity 3: 11, Severity 4: 2, Severity 5: 0 


Vulnerabilities Trend Confirmed Vulnerabilities (10) 


: E 


W Sev 5 (0) 
Bl Sev 4 (1) Qualys Report For e8d112ff7588 
E Sev 3 (9) 
B Sev 2 (0) 

Sev 1 (0) 


Im 
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INSTALLED SOFTWARE 


Show 10 entries Search: on 76259| 


® e Name Installed Version Fixed In Version 


© Confirmed vulnerabilities in current build 
Comparing with build 477 


Potential Vulnerabilities (4) Patchability 


libmagickwand-dev A 8:6.9.7.4+dfsg-11+deb9u3 8:6.9.7.4+dfsg-11+deb9u4 
E Sev 5 (0) B Yes (12) libmagickwand-6-headers A 8:6.9.7.4+dfsg-11+deb9u3 8:6.9.7.4+dfsg-11+deb9u4 
E Sev 4 (1) W no (2) 5 
WB Sev 3 (2) 
B Sev 2 (1) libmagickcore-dev A 8:6.9.7.4+dfsg-11+deb9u3 8:6.9.7.4+dfsg-11+deb9u4 
Sev 1 (0) 
libmagickcore-6-headers A 8:6.9.7.4+dfsg-11+deb9u3 8:6.9.7.4+dfsg-11+deb9u4 
imagemagick-6.q16 Ay 8:6.9.7.4+dfsg-11+deb9u3 8:6.9.7.4+dfsg-11+deb9u4 
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NEW 


Visibility into Container Infrastructure 


© Qualys. Enterprise 


© Asset Details: ubun18tls0 


INVENTORY , Details 
4 Container Summary 
> E = t f | | t = Asset Summary Docker version 18.09.5 à 
ree Inventory Tor ail your container set ome — مود‎ - 
Network Information 
Assoc. imag 4 


infrastructure cM oe || m, = | lann 


Traffic Summary " a Sensor container ID. 2c13b9e3febd 
STOPPED 6 E fce289099..4 
GCP Instance Information 
8 aedf47d4.. 3 Status: RUNNING 
s 


VSEURTY Sensor version 1.3.1-22 


Vulnerabilities. 


» Visibility into containers via Scanner, Wieder IMAGE DISTRIBUTION 


Patch Management 


۰ 4 
E amesoma 8 Total images with containers … 4 
I Certificates Total images without containers o 
Container Security 
Most Vulnerable Images 


v COMPLIANCE 


File Integrity Monitoring 
nginxdemos/hello 3 4 


» Tracking DockerHub official images pm MEE FETT 


Image Id: fce289e99eb9 


Alert Notification ttd 2 9 
Image Id: b7cc3702c278 e 
ubuntu 4 5 
Image Id: 769812826524 


> Upgrade for security across DevOps 
pipeline 
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Deeper Visibility Into 
Containers 


Inventory & security posture widgets 
* Count of images, containers 

+ Containers by state 

e Vulnerable images 


Personalize and add custom widgets 


Container Security DASHBOARD ASSETS EVENTS CONFIGURATIONS 


۷ Last 30 Days Y 


TOTAL IMAGES TOTAL CONTAINERS E 


605 


IMAGE DISTRIBUTION BY REGISTRY 


docker.io 


art-hq.intranet.qualys.com:5001 


520985521435.dkr.ecr.ap-southeast-1.amazonaws.... 


ROGUE CONTAINERS (BY SOFTWARE DIFFERENCES) 


New 


Removed 


IMAGE DISTRIBUTION BY VULNERABILITY SEVERITY 


947 


CONTAINER DISTRIBUTION BY ST! 


260 
55 
1 
6 
DELETED RUNI 
ROGUE CONTAINERS (BY VULNER/ 
2 Fixed 
2 Varied 


New 


CONTAINER DISTRIBUTION BY VU! 


Correlating with vulnerability data 


Container Security DASHBOARD ASSETS EVENTS CONFIGURATIONS India Naccount (quays_nn) 


Images Containers 


Search 
based on all 
attributes 68 1-50 of 68 


Total Images 


vulnerabilities.severity: "Severity 5” and repo.registry:"docker.io" 


docker.io elasticsearch Feb 06, 2018 | latest U 7 


Image ۱: 3 On Hosts: 1 7— — — 
© 
Preset qu ic k LABELS docker.io redis Feb 06, 2018 | latest 1 3 l ma g en fo 
NGINX Docker M... 3 Image Id: de560ba5403e On Hosts: 1 = R D t 
۰ OQ 7". 1 e. e l 5 r 
search filters GPLv2 1 docker.io kibana Feb 06, 2018 | latest 0 3 n 9 y 
E /Dockerfile 1 Image Id: 9ef680b9e227 On Hosts: 1 O m l nfo 
- Identify Git 1 
A CentOS Base Ima... 1 docker.io node Feb 01, 2018 | latest 0 3 ۰ 
images by Opsxcq@Strm.Sh 1 gaga i * Containers 
A S Bad-Dockerfile 1 . 
application Centos 1 docker.io httpd Jan26,2018 [latest for this 
Reference Docke... 1 Image Id: 2e202f453940 On Hosts: 1 = = 
labels Https;//Github.C... 1 Image 
Show less aan anis 0 
Image ۱0: 1 On Hosts: 1 = Hi I| 
e. 
int | Vulnerabilit 
docker.io solr Jan 19,2018 J latest 0 14 5 
Docker.lo 68 Image Id: 0ee0d104030e On Hosts: 2 m, y postu re H 
Art-Ha.Intranet.Q... 1 
docker.io tomcat Jan 18, 2018 | latest 0 13 E 1 
VULNERABILITIES Image Id: 66bbed06c8cd On Hosts: 1 کی‎ | Ea S y d ri | | 
Sols) E c docker.io kibana Jan 17, 2018 ۱ latest 0 10 d own fo r 
ibid a S Image Id: 6ded4c70c32d On Hosts: 1 U I] 
'everity complete 


inventory 
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Identify potential breaches in containers 


D ete Ct i n g R U n t i m e D r | ft “Drift” Containers, differ from their 


Detect Containers 
breaking off from 
“immutable” behavior 


parent Images by vulnerability, software 
package composition, behavior, etc 
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Container Security HOME DASHBOARD ASSETS CONFIGURATIONS 


Assets CODEC Containers 


Registries 


Q Search for containers... 


422 


Total Containers 


18 89 0 153 


Root Containers Privileged Containers Containers detected without CS Sensor Containers in Drift 
VULNERABILITIES 1 - 50 of 422 
Severity 5 110 
Severity 4 133 
Severity 3 197 
Severity 2 173 k8s_kube-proxy_kube-... Nov 01, 2019 - 5 15 hours ago 23 
STATE k8s_kube-proxy_kube-... Nov 01, 2019 - - 15 hours ago 23 
RUNNING 169 
DELETED 60 
STOPPED 27 k8s_omsagent_omsage... Nov 01, 2019 - - 15 hours ago 7 
CREATED 15 lnd 
k8s_kube-proxy_kube-... Nov 01, 2019 - - 15 hours ago 23 
DRIFT —... 
Vulnerability 153 
Software 1 k8s_omsagent_omsage... Nov 01, 2019 -= = 15 hours ago 2 
ا‎ 
PRIVILEGED k8s_omsagent_omsage... Nov 01, 2019 - - 15 hours ago 2 
false 200 [e 
true 89 
k8s_omsagent_omsage... Nov 01, 2019 = — 15 hours ago 2 
تا‎ 
ROOT 
true 18 k8s_tunnel-front_tunne... Nov 01, 2019 = = 15 hours ago Fi 
Em... 


Protecting Containers at Runtime 


Qualys layer for 
Container Runtime 
Security 
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NEW 


Protect Against Attacks with Container 
Runtime Security 


> Integrated into Qualys 
Platform 
> Function level firewall for 


containers 


> Granular security policies to 


© 
(8) euiejuo) 


@eauiequop 
اجه اور(‎ 


<- View Details: e910f86a4411 


control file, network, process 
behavior 

> Built-in policies from Qualys m - 
Threat Research — E cle 


ke 


|^ 


Moving Towards Automated 
Remediation 


e i 2 
pe de 
ge 
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Towards Seamless Visibility 
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Global IT Asset Inventory 


> Across application stack (Hosts, 
Kubernetes Pods, Containers, 
Serverless) 


> Correlate cloud inventory data = d d ج‎ 
with containers تس تسس‎ = 


EU (Frankfurt) 


TOP SOFTWARE PUBLISHERS 
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Qualys Cloud Security Coverage 


laaS PaaS SaaS 
Google Suite, Office 365 


EC2 Instance, Azure RDS, Azure SOL 
Database, Elastic Bean 


Stalk, Containers 


vm | pc IOC | TP 
DO000 was) war] es SaaS Security (Adya) 


VM, GCP Instance 


cog @ 
Cloud Infrastructure 


S3 Bucket, Security Group, Network Security Group, 
Storage Blobs, Load Balancers, Firewall Rules 


; ORACLE 
aws A Azure 9 Cao ~ aoo SOFTLAR 
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Qualys GitHub Tor DevOps 


> Automation scripts for sensors 
> Best practice process automation 


> Open source community around 
Qualys ecosystem 


https://github.com/qualvs R Scan me 
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